LDAP Connector in CUP. No LDAPS? Surely not?

Hi all,
I have the LDAP Connector in CUP successfully binding to an Active Directory over port 389. It's now time to switch to LDAPS/SSL over port 636, but I have read on this forum that CUP does not support LDAPS connections. Surely this cannot be true???? No company in their right mind would allow an unencrypted connection to their Production AD/LDAP.
And I can't use the UME to connect to AD over LDAPS as this is already configured as an ABAP dataSource so cannot be switched (according to SAP and the customer).
Regards
Daniel

Found the OSS note saying it is not supported. Hard to believe.
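
The concern in the opening post is that a bind over port 389 crosses the network unencrypted. As an added example (not part of the thread, and not SAP code), this sketch classifies the first client payload a passive sensor would capture: a simple bind on 389 parses as a readable LDAP BindRequest, while an LDAPS connection on 636 starts with a TLS record. The DN, password and TLS stub are constructed sample values.

```python
# Added example: classify the first client payload of a directory connection.
TLS_HANDSHAKE = 0x16       # first byte of a TLS record (LDAPS on 636)
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST = 0x60        # [APPLICATION 0] constructed
AUTH_SIMPLE = 0x80         # [0] primitive: password bytes as sent
AUTH_SASL = 0xA3           # [3] constructed: mechanism, credentials


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length


def parse_bind(payload):
    """Parse an LDAPMessage carrying a BindRequest; raise if it is not one."""
    tag, msg, _ = read_tlv(payload, 0)          # LDAPMessage
    id_tag, _, pos = read_tlv(msg, 0)           # messageID
    op_tag, op, _ = read_tlv(msg, pos)          # protocolOp
    if (tag, id_tag, op_tag) != (SEQUENCE, INTEGER, BIND_REQUEST):
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(op, 0)                 # version
    _, name, pos = read_tlv(op, pos)            # bind DN
    auth_tag, auth, _ = read_tlv(op, pos)       # AuthenticationChoice
    dn = name.decode("utf-8", "replace")
    if auth_tag == AUTH_SASL:
        _, mech, _ = read_tlv(auth, 0)
        return {"finding": "sasl-bind", "dn": dn, "mechanism": mech.decode()}
    if auth_tag != AUTH_SIMPLE:
        raise ValueError("unknown authentication choice")
    if not auth:
        return {"finding": "empty-password-bind", "dn": dn}
    # Report only the length; the secret itself is never copied out.
    return {"finding": "cleartext-simple-bind", "dn": dn,
            "password_len": len(auth)}


def classify(payload):
    """Classify one captured client payload without raising."""
    if payload[:2] == bytes([TLS_HANDSHAKE, 0x03]):
        return {"finding": "tls-record"}
    try:
        return parse_bind(payload)
    except (IndexError, ValueError):
        return {"finding": "not-a-bind"}


def tlv(tag, value):
    """Encode a short-form BER element (used only to build the samples)."""
    return bytes([tag, len(value)]) + value


def build_bind(dn, auth):
    """Build a constructed LDAPv3 BindRequest with messageID 1."""
    body = tlv(INTEGER, b"\x03") + tlv(OCTET_STRING, dn.encode()) + auth
    return tlv(SEQUENCE, tlv(INTEGER, b"\x01") + tlv(BIND_REQUEST, body))


# Constructed samples: the DN, password and TLS stub are made up.
SVC_DN = "cn=svc-cup,ou=service,dc=example,dc=test"
SIMPLE_389 = build_bind(SVC_DN, tlv(AUTH_SIMPLE, b"constructed-secret"))
SASL_389 = build_bind("", tlv(AUTH_SASL, tlv(OCTET_STRING, b"GSS-SPNEGO")
                              + tlv(OCTET_STRING, bytes(8))))
LDAPS_636 = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 1, 0, 0, 1, 0])
```

A "cleartext-simple-bind" finding for the connector's service account is the signal that the bind should move to LDAPS or a SASL mechanism.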

Similar Messages

  • OIM LDAP connector for internal WebLogic LDAP?

    Has anyone ever used OIM to manage internal LDAP for WebLogic?  I'm considering it for compliance reasons.    

    Interesting thought, but how is the authentication realm configured in WLS for you? If it's just the default authentication provider in your security realm then you have only 3-4 odd users to manage (overkill to use a connector?).  Make sure that you manage those accounts as service accounts from OIM; you don't want to corrupt your domain by accident.
    -Bikash

  • CUP Connector type SAP EP LDAP

    Hi Experts,
           I noticed the connector type SAP EP LDAP the other day when setting up some new ABAP connectors.  Does anyone know what this type of connector is used for?  I couldn't find any documentation on it.

    Hi Christopher,
    this is what I got told - I'm not sure whether this made it into the doco yet:
    "SAPEP LDAP is used for LDAP Group provisioning. It will have 2 LDAP connectors mapped: Internal and External. In CUP you can import the groups from these two LDAPs and provision them using Access Request."
    Cheers,
    Dominic

  • GRC 5.3 CUP SP16 - User info not loading from LDAP into CUP

    Hello,
    We have multiple LDAPS that we needed to connect to our CUP system to authenticate the userids before a request can be created for them. And also to bring in Manager ID and manager email from LDAP as the first level approver for requests.
    My client hasn't maintained the actual LDAP userids, Manager and manager email fields correctly, so we utilized three other custom fields in LDAP and then did field mapping in CUP for those fields. But even when the connection to all the LDAPs is successful, there's no user information being pulled in from LDAP into CUP.  I noticed that when I use our backend SAP QA system as 'User Data Source' while using multiple LDAPS for 'User Detail Source Data', it only reads data from SAP QA system SU01 area and even when I'm trying to create requests, no Manager info is being pulled from LDAPS for that user id.
    SAP does not allow the use of multiple LDAPS for the configuration-->User Data Source , top option.  So, if a client has userids in multiple systems, it can only read from one data source.  But even when I temporarily assigned one active directory LDAP to the 'user data source' option, it stated, no records found. So, something is up that no data is being pulled from LDAPs even when the connection to those systems is successful. I just asked our AD guy to temporarily assign domain admin rights to that LDAP connection ID to see if it's access issue, and still I am not getting any LDAP data to read into GRC CUP.
    Has anyone else had this issue? Is there any special access that the LDAP connection id needs in LDAP to be able to retrieve data into GRC? Are there any jobs that need to be run to read LDAP data? I thought it should be live as the system is connected to LDAPs. I don't understand why, if the connection is successful, the user info is not being pulled from there and, even after the LDAP custom field mapping is done, those field values are not showing up on requests.
    We need the following to happen:
    1). Authenticate the custom userid field in LDAPs to ensure this user exist as an employee b4 request can be created for the user. For this I have configured the multiple LDAPS for the 'Authentication'. But it doesn't seem to confirm that option when creating a request for a user.
    2). The user details info source should bring in the custom manager id and manager email into the request to send the first level of approval via workflow to that manager. Since SAP doesn't give the option to define approvers per user group values in CUP, we had to actually map all the User Owner approvers this way since their direct managers are not aware of  what to request as the User owner approvers per user group are.  So, we added custom fields for Manager id and Manager EMail into LDAP to be ready automatically into the request when reading user id while creating request.
    I will greatly appreciate anyone's help on how they got the LDAP field values to be read into GRC CUP for request processing and what type of encrypted access an LDAP connection id can have without assigning it complete domain admin rights on an open port 389 for LDAP and GRC CUP connection.
    Thanks and Regards,
    Alley

    Hi Alley,
    1). Authenticate the custom userid field in LDAPs to ensure this user exist as an employee b4 request can be created for the user. For this I have configured the multiple LDAPS for the 'Authentication'. But it doesn't seem to confirm that option when creating a request for a user.
    This is not possible. You can have only 1 LDAP. Why you want to authenticate the user in different sources?? CUP looks at only one user source, not many. The below wiki explains you the configuration part:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b089fb71-a3b7-2a10-64a2-8c77243b0664
    2). The user details info source should bring in the custom manager id and manager email into the request to send the first level of approval via workflow to that manager. Since SAP doesn't give the option to define approvers per user group values in CUP, we had to actually map all the User Owner approvers this way since their direct managers are not aware of what to request as the User owner approvers per user group are. So, we added custom fields for Manager id and Manager EMail into LDAP to be ready automatically into the request when reading user id while creating request.
    Based on user group is not possible. However, if you wish to maintain the Manager's Field, ensure that the CUP mapping is done correctly from the Configuration, Field Mapping, LDAP Mapping.
    While defining the workflow, take the approver determinator as Manager. This will route the request to the user's manager. Also, ensure that LDAP is the source in all the configuration areas in CUP.
    Check note 1228996 for more information.
    Hope this helps!!
    Regards,
    Raghu

  • OIM LDAP connector does not update fields

    Hi,
    I have installed and configured LDAP connector to SunOne directory server. All default adapters configured in the process form seem to work. But when I added my own attributes and used the adpIPLANETMODIFYUSER to update the values to LDAP server, nothing happened. The create user action works with the new attributes. It does not do anything when I change the values of those user defined fields.
    Any help will be appreciated.
    Iris

    Hi Iris,
    For a process task to be called, the name of the task should start with the label of the field. For example, if the Last Name field is updated the task name should be 'Last Name Updated', so make sure your task name is like that.
    Also check the Conditional box in the Task. This will make the task called when a condition is met. Also enable the adapter to be called during the Pre-Update in the event handler form.
    Lookup definition is the mapping defined from xellerate resource profile to the end resource. If it is a new field which is not added by default, then you have to update the lookup definition. For example for AD there is a mapping called Atmap.AD. I am wondering if there is such mapping for iPlanet.(Check if the lookup definition is present).
    Thanks.
    Subhani Shaik

  • Error in LDAP Connector

    hi,
    Our IdM uses HCM, so I try to use LDAP to retrieve HR data. The JCo of our IdM and the ABAP RFC of type T run smoothly. When I start the LDAP connector, it says "Error starting LDAP Connector at operating system level".  In ST11, it reads as follows:
       ======> JCO.Server could not find server function 'LDAPRFC_LOAD'
      ABAP Programm: SAPLSLDAP_CCMS (Transaction: LDAP)
      Called function module: LDAPRFC_LOAD
    I can't find the function LDAPRFC_LOAD.
    Is there anyone who can tell me a good method to solve it? Thanks very much!
    lily

    Forgot to install LDAP Client at HCM OS

  • LDAP connector/interface for business partner

    Hi Experts ,
    Our requirement is we have certain applications which are integrated with SAP Portal.
    For these applications, data sources are maintained in two different LDAPS.
    One LDAP (enterprise directory) is for USER data and the other LDAP is for Company data (in this scenario company data is nothing but business partner role organization).
    So here the question is: can we use SAP standard LDAP connectors to make connectivity to the enterprise directory (LDAP) and push business partners data from CRM to the enterprise directory?
    In the standard SAP CRM system, which standard LDAP connectors support this functionality?
    Please advise me and also let me know if we have any SAP notes for this scenario.
    Best Regards
    Prasad

    Curtis,
    The short answer is that the SAP Business One integration Technology was not built to do what you are asking.  The technology is to be able to move data, and all the ETL that goes with it, between systems such as the Integration Technologies out-of-the-box business scenarios for the integration of data between an R/3 system (headquarters) and it subsidiary(s) using SAP Business One.  The SAP Business One Integration Technology is used to visually create model driven integrations between systems without using code as you do with the DI Server and/or SDK.  You do not have the ability with this tool to build web interfaces as you are asking.  You would use the DI Server for the purpose that you have outlined.  There is a whitepaper that explains in detail the SAP Business One Integration Technology here on SDN at; https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/52b12740-0901-0010-4097-b85d1f5aee2a.
    Hope that helps,
    Eddy

  • LDAP  connector for Customer masters With SAP..........

    Hi Experts ,
    Our requirement is we have certain applications which are integrated with SAP Portal.
    For these applications, data sources are maintained in two different LDAPS.
    One LDAP (enterprise directory) is for USER data and the other LDAP is for Customer data (in this scenario customer data is nothing but business partner role organization).
    My task is to build an interface for Customer data with LDAP sync.
    So here the question is: can we use SAP standard LDAP connectors to make connectivity to the enterprise directory (LDAP) and push business partners data from CRM to the enterprise directory?
    In the standard SAP system, which standard LDAP connectors support this functionality?
    Please advise me and also let me know if we have any SAP notes for this scenario.
    Best Regards
    Prasad

    Thank you very much for the useful link Martin. Anyway, there are some things that I cannot find for NX Unigraphics integration:
    In the wiki you can find
    You can download the CAD-Integration-Software from http://service.sap.com/swdc and then goto
    Installations and Upgrades > Supplementary Components for Cross Industry Solutions > Life-Cycle Data Management > SAP PLM Integrations > select the desired integration
    But that path does not exist in SAP download software page.
    Also, in the availability matrix I can find integration with several systems (catia, solid edge, autocad...) but not unigraphics.
    Could you please provide some more information on the topic?
    Thanks a lot.
    Neil

  • Creating users in Active Directory through LDAP connector

    Hello,
    If we need to create users in Active directory using LDAP connector, what are the options for the following:
    1) Update back into SAP from AD. LDAP connector updates only in one direction i.e from SAP to Active directory.
    2) Can we add additional fields in LDAPMAP which are not standard, e.g. can we write our own code to extract data from HR to map the value with an attribute within Active Directory?
    Regards,
    Ahmad

    Hello!
    I noticed the email in my inbox and understand the reason for deleting it - checked the rules again - no problem with that.
    Here is the posting again - sanitized this time.
    You can create users in LDAP/AD from SAP without a problem. SAP provides function modules to create/maintain/delete users with LDAP attributes in the correct ou path.
    You can also perform group membership assignment in LDAP from SAP if needed.
    I have done this quite a few times at different companies that use SAP HCM.
    A userid in SAP is created automatically during hiring action with default password e.g. birthday of employee and certain authorization roles based on configured information.
    The userid is then created right away in LDAP in the correct ou path (controlled via custom configuration table) and LDAP group membership is assigned.
    A job runs every 8 hours to perform delta updates in LDAP.
    The userid in SAP and LDAP are locked automatically if the user is terminated using termination action in HR.

  • Ms-Active Directory integration with SAP 4.7 SR2 through LDAP Connector

    Dear Gurus,
    Let me clarify the scenario:
    At our end, we are planning for SSO, we are integrating Microsoft ADS with SAP 4.7 IDES
    Following are the system details:
    SAP: IDES 4.7, on Windows 2000 Advance Server, Oracle 8.1.7.,Kernel-620
    MS-Active Directory: Windows 2003 Enterprise Edition, with Service Pack-1
    With the above mentioned landscape we have integrated LDAP-Connector on MS-Active Directory. On the MS-Active Directory OS side we have tested the command (ldap_rfc -a LDAP_ADS -g ides.ho.com -x sapgw00), then we are testing it through an RFC in SAP 4.7 (IDES), with result success.
    Everything is fine, I'm able to log on through the user, but when I try to search objects in LDAP (i.e. ADS) through "FIND", I am getting the error message "operation Failed".
    Referred note 511141 for the error.
    Can't find anything more.
    Required help...
    Regards,
    SHAH

    Dear Juergen,
    As of we have applied the SP-level till 40.
    Through LDAP tcode we are able to Logon to the Directory server, and we
    are also able to search, through FIND,
    the system displays all entries below the specified base entry.
    After that we are trying to Synchronize it, using report RSLDAPSYNC_USER through SE38, but its showing following errors:
    Connection created to Server LDAP_ADS (successfully with Green)
    Operation Failed (Error with Red)
    Error message: LDAPRC001
    LDAP_SEARCH failed (Error with Red)
    Error message: LDAPACCESS101
    The System could not create directory objects pool (Error with Red)
    Error message: LDAPSYNC005
    Connection to LDAP_ADS server terminated
    As for first Error: Error message: LDAPRC001, we referred Note 511141,
    Response: "This error msg does not mean that the SAP System sent incorrect data".
    For Error message: LDAPACCESS101 and Error message: LDAPSYNC005, we referred to 696021 and 695026
    Response: to apply the correction change, as our SP level is above the requirement, we have
    level-40.
    Unable to get further, any solution/suggestion.
    Bye for now.
    Regards,
    Shaibaz

  • LDAP Connector Configuration Problem

    We are trying to configure the LDAP connector to sync SAP with our Active Directory. However, the connector is facing an error whenever we are trying to log on to AD. We have checked that we have the correct base entry and distinguished name configured for the server and the system. We just get the error that "LDAP server is not active". Our SAP server is on a different domain than the Active Directory. Are there any additional steps that need to be performed in this scenario?
    Thanks,
    Mithilesh Kotwal.

    Hai,
    Please check your RFC's - LDAP_RFC, also check the below link.....
    http://help.sap.com/saphelp_47x200/helpdata/en/10/1a063a15c611d4b61f0000e835363f/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/8302a929-0501-0010-05b5-d48f544bc572
    Regards,
    Yoganand.V

  • LDAP-Connector with LDAPS (Port 636)

    Hello everybody,
    I had read some answers but not the right one in my opinion.
    I want to connect with the LDAP-Connector (T-Code: LDAP) to an LDAP-Server (OpenDS) over LDAPS (Port 636).
    But I had read some Notes (456666 and 517755) which describe that it's not possible to connect to an LDAP-Server over LDAPS when the host-system is Linux-based. Is it true?
    And one solution is to take the ldap_rfc.exe on a Windows-based system and use this. Is this also right? And if it is right, how can I do this?
    The connection to the OpenDS-LDAP-Server over Port 389 (LDAP) works fine, as does synchronisation of attributes.
    Eventually there are other solutions for my very big problem.
    Sorry for my bad English
    regards rene

    Hello René,
    SAP note 456666 is correct. Maintaining the LDAP (LDAPS) connection to the directory service is the task of the LDAP client library, which is not provided by SAP, but by the OS vendor of the system where the LDAP connector is located.
    Only the OS vendor can help on the task of configuring LDAPS with their implementation of the LDAP client library.
    If you intend to use Windows then yes, it should work: see the "Solution" section of note 456666.
    You can also refer:
    I hope this helps.
    All the best,
    Cristiano

  • LDAP Connector - no use of ldap_rfc.cfg ?

    Hello.
    we're using LDAP Connector 2.8.8.
    We had created the "ldap_rfc.cfg" in the D:\usr\sap\JSM\DVEBMGS00\work Directory.
    In the file we had defined the value :
    pagesize=200
    But when we're starting the connector it ignores all settings in the configuration file.
    Are we doing something wrong or did we miss a thing ?
    Thanks in advance,
    Sebastian

    Does the "test connection" in SM59 still work?
    If yes, then the problem is in one of the LDAP connector functions.
    If no, then it is most likely a SAP function (or a copy of one...).
    Does ST11 or ST22 give you any more useful information in a dump (e.g. which function is being called in the program)?
    Also try a gateway trace (transaction SMGW -> Expert Functions) Choose the GW trace in the security menu - NOT the "Trace Level Up / Down" functions, as this is the developer trace!
    LDAP032 looks to me like an "other error" returned from the external program not registering at the gateway... so you will only find the reason in that program's documentation and not within the ABAP application.
    The function list shows the following:
    LDAPRFC_LASTERR
       documentation not availabale
    LDAPRFC_DELETE
       documentation not availabale
    LDAPRFC_ADD
       documentation not availabale
    LDAPRFC_MODIFY
       documentation not availabale
    LDAPRFC_RENAME
       documentation not availabale
    LDAPRFC_COMPARE
       documentation not availabale
    LDAPRFC_SEARCH
       documentation not availabale
    LDAPRFC_OPTIONS
       documentation not availabale
    LDAPRFC_UNBIND
       documentation not availabale
    LDAPRFC_BIND
       documentation not availabale
    So if you cannot find a SAP Note or info in the config guide, then I guess your only option is to open a customer message via https://service.sap.com
    (Tip: first check the config guide to make sure your config file is in fact correct)
    Cheers,
    Julius
    Edited by: Julius Bussche on Jan 4, 2010 7:38 PM

  • Generic LDAP Connector used against AD

    I am trying to use the generic LDAP connector to provision to a development AD. The only port available is 389 so the AD MA cannot be used because it requires 88 for Kerberos. 
    The generic LDAP hangs during configuration after the Configure Anchors screen.  The release notes say that it will work against 3389 on a GC.
    Is there some special set of choices to configure this to connect to Active Directory?
    Randy

    I let the process run for about an hour and the MA create wizard moved to the next step. It took about an hour on the last property panel of the create wizard as well. The configuration was limited to just the Users container and only the user object type
    and only a handful of attributes.
    Randy

  • How to save HR data in Active Directory using ABAP i.e thru LDAP Connector

    Hi All,
    Can anyone please help me out with how to save HR data in Active Directory using the LDAP Connector?
    Please help ASAP as it is very urgent.
    Thanks
    Jitendra

    There are 100s of such scripts online.
    Here are a few tips and codes. You will get more.
    https://gallery.technet.microsoft.com/scriptcenter/Feeding-data-to-Active-0227d15c
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/10/31/use-powershell-to-modify-existing-user-accounts-in-active-directory.aspx
    http://powershell.org/wp/forums/topic/ad-import-csv-update-attributes-script/
    Please mark this as answer if it helps
